Path Traversal in Apache Software Foundation Livy

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Se…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (24.3th percentile)

Frequently asked questions

What is CVE-2025-66249?
CVE-2025-66249 is a vulnerability in Apache Software Foundation Livy, classified under Path Traversal. Published 2026-03-13.
Is CVE-2025-66249 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.